Linaro-mm-sig

linaro-mm-sig@lists.linaro.org

26 participants
6166 discussions

by Alex Morgan

ghost mystery recovery Hacker in 2026 ghost mystery recovery Hacker for 2026 include ghost mystery Recovery Hacker And which utilize blockchain forensics and legal strategies to recover stolen or lost assets. These firms specialize in tracing funds, working with law enforcement, and providing expert testimony to freeze assets. ghost mystery recovery Hacker Highly rated for 2026 for using AI-powered tools to trace funds across exchanges and privacy coins, with a focus on scams and hacked wallets. Email address: support@ ghostmysteryrecovery. c om WhatsApp on (+44) 7480 061765 Website; ghostmysteryrecovery. c om

3 days, 4 hours

Enigles

by Alex Morgan

3 days, 4 hours

Re: [PATCH 2/2] dma-fence: Fix potential tracepoint null pointer dereferences

by Christian König

On 4/14/26 17:49, Tvrtko Ursulin wrote: > Trace_dma_fence_signaled, trace_dma_fence_wait_end and > trace_dma_fence_destroy can all currently dereference a null fence->ops > pointer after it has been reset on fence signalling. > > Lets use the safe string getters for most tracepoints to avoid this class > of a problem, while for the signal tracepoint we move it to before ops are > cleared to avoid losing the driver and timeline name information. Apart > from moving it we also need to add a new tracepoint class to bypass the > safe name getters since the signaled bit is already set. > > For dma_fence_init we also need to use the new tracepoint class since the > rcu read lock is not held there, and we can do the same for the enable > signaling since there we are certain the fence cannot be signaled while > we are holding the lock and have even validated the fence->ops. > > Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> > Fixes: 541c8f2468b9 ("dma-buf: detach fence ops on signal v3") > Cc: Christian König <christian.koenig(a)amd.com> > Cc: Philipp Stanner <phasta(a)kernel.org> > Cc: Boris Brezillon <boris.brezillon(a)collabora.com> > Cc: linux-media(a)vger.kernel.org > Cc: linaro-mm-sig(a)lists.linaro.org > --- > drivers/dma-buf/dma-fence.c | 3 ++- > include/trace/events/dma_fence.h | 33 ++++++++++++++++++++++++++++---- > 2 files changed, 31 insertions(+), 5 deletions(-) > > diff --git a/drivers/dma-buf/dma-fence.c b/drivers/dma-buf/dma-fence.c > index a2aa82f4eedd..b3bfa6943a8e 100644 > --- a/drivers/dma-buf/dma-fence.c > +++ b/drivers/dma-buf/dma-fence.c > @@ -363,6 +363,8 @@ void dma_fence_signal_timestamp_locked(struct dma_fence *fence, > &fence->flags))) > return; > > + trace_dma_fence_signaled(fence); > + > /* > * When neither a release nor a wait operation is specified set the ops > * pointer to NULL to allow the fence structure to become independent > @@ -377,7 +379,6 @@ void dma_fence_signal_timestamp_locked(struct dma_fence *fence, > > fence->timestamp = timestamp; > set_bit(DMA_FENCE_FLAG_TIMESTAMP_BIT, &fence->flags); > - trace_dma_fence_signaled(fence); I think this part here should be a separate patch. > > list_for_each_entry_safe(cur, tmp, &cb_list, node) { > INIT_LIST_HEAD(&cur->node); > diff --git a/include/trace/events/dma_fence.h b/include/trace/events/dma_fence.h > index 3abba45c0601..9e0cb9ce2388 100644 > --- a/include/trace/events/dma_fence.h > +++ b/include/trace/events/dma_fence.h > @@ -9,12 +9,37 @@ > > struct dma_fence; > > +DECLARE_EVENT_CLASS(dma_fence, > + > + TP_PROTO(struct dma_fence *fence), > + > + TP_ARGS(fence), > + > + TP_STRUCT__entry( > + __string(driver, dma_fence_driver_name(fence)) > + __string(timeline, dma_fence_timeline_name(fence)) > + __field(unsigned int, context) > + __field(unsigned int, seqno) > + ), > + > + TP_fast_assign( > + __assign_str(driver); > + __assign_str(timeline); > + __entry->context = fence->context; > + __entry->seqno = fence->seqno; > + ), > + > + TP_printk("driver=%s timeline=%s context=%u seqno=%u", > + __get_str(driver), __get_str(timeline), __entry->context, > + __entry->seqno) > +); > + Mhm, I'm strongly in favor to just use this approach for all trace points. The minimal extra overhead shouldn't really matter at all. Regards, Christian. > /* > * Safe only for call sites which are guaranteed to not race with fence > * signaling,holding the fence->lock and having checked for not signaled, or the > * signaling path itself. > */ > -DECLARE_EVENT_CLASS(dma_fence, > +DECLARE_EVENT_CLASS(dma_fence_ops, > > TP_PROTO(struct dma_fence *fence), > > @@ -46,7 +71,7 @@ DEFINE_EVENT(dma_fence, dma_fence_emit, > TP_ARGS(fence) > ); > > -DEFINE_EVENT(dma_fence, dma_fence_init, > +DEFINE_EVENT(dma_fence_ops, dma_fence_init, > > TP_PROTO(struct dma_fence *fence), > > @@ -60,14 +85,14 @@ DEFINE_EVENT(dma_fence, dma_fence_destroy, > TP_ARGS(fence) > ); > > -DEFINE_EVENT(dma_fence, dma_fence_enable_signal, > +DEFINE_EVENT(dma_fence_ops, dma_fence_enable_signal, > > TP_PROTO(struct dma_fence *fence), > > TP_ARGS(fence) > ); > > -DEFINE_EVENT(dma_fence, dma_fence_signaled, > +DEFINE_EVENT(dma_fence_ops, dma_fence_signaled, > > TP_PROTO(struct dma_fence *fence), >

3 days, 6 hours

Re: [PATCH 1/2] dma-fence: Silence sparse warning in dma_fence_describe

by Christian König

On 4/14/26 17:49, Tvrtko Ursulin wrote: > Sparse complains about assigning a string to a __rcu annotated local > variable: > > drivers/dma-buf/dma-fence.c:1040:38: warning: incorrect type in initializer (different address spaces) > drivers/dma-buf/dma-fence.c:1040:38: expected char const [noderef] __rcu *timeline > drivers/dma-buf/dma-fence.c:1040:38: got char * > drivers/dma-buf/dma-fence.c:1041:36: warning: incorrect type in initializer (different address spaces) > drivers/dma-buf/dma-fence.c:1041:36: expected char const [noderef] __rcu *driver > drivers/dma-buf/dma-fence.c:1041:36: got char * > > It is harmless but lets silence it. > > Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> > Fixes: ac364014fd81 ("dma-buf: cleanup dma_fence_describe v3") > Cc: Christian König <christian.koenig(a)amd.com> > Cc: linux-media(a)vger.kernel.org > Cc: dri-devel(a)lists.freedesktop.org > Cc: linaro-mm-sig(a)lists.linaro.org Reviewed-by: Christian König <christian.koenig(a)amd.com> > --- > drivers/dma-buf/dma-fence.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/dma-buf/dma-fence.c b/drivers/dma-buf/dma-fence.c > index 1826ba73094c..a2aa82f4eedd 100644 > --- a/drivers/dma-buf/dma-fence.c > +++ b/drivers/dma-buf/dma-fence.c > @@ -1037,8 +1037,8 @@ EXPORT_SYMBOL(dma_fence_set_deadline); > */ > void dma_fence_describe(struct dma_fence *fence, struct seq_file *seq) > { > - const char __rcu *timeline = ""; > - const char __rcu *driver = ""; > + const char __rcu *timeline = (const char __rcu *)""; > + const char __rcu *driver = (const char __rcu *)""; > const char *signaled = ""; > > rcu_read_lock();

3 days, 6 hours

Re: [PATCH 15901/15901] drm/vmwgfx: fix NULL pointer dereference in vmw_validation_bo_fence()

by Christian König

On 4/14/26 12:55, popov.nkv(a)gmail.com wrote: > From: Vladimir Popov <popov.nkv(a)gmail.com> > > If vmw_execbuf_fence_commands() call fails in > vmw_kms_helper_validation_finish(), it sets *p_fence = NULL. If > ctx->bo_list is not empty, the caller, vmw_kms_helper_validation_finish(), > passes the fence through a chain of functions to dma_fence_is_array(), > which causes a NULL pointer dereference in dma_fence_is_array(): > > vmw_kms_helper_validation_finish() // pass NULL fence > vmw_validation_done() > vmw_validation_bo_fence() > ttm_eu_fence_buffer_objects() // pass NULL fence > dma_resv_add_fence() > dma_fence_is_container() > dma_fence_is_array() // NULL deref Well good catch, but that is clearly not the right fix. I'm not an expert for the vmwgfx code but in case of an error vmw_validation_revert() should be called an not vmw_kms_helper_validation_finish(). Regards, Christian. > > Fix this by adding a NULL check in vmw_validation_bo_fence(): if the fence > is NULL, fall back to ttm_eu_backoff_reservation()to safely release > the buffer object reservations without attempting to add a NULL fence to > dma_resv. This is safe because when fence is NULL, vmw_fallback_wait() > has already been called inside vmw_execbuf_fence_commands() to synchronize > the GPU. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 038ecc503236 ("drm/vmwgfx: Add a validation module v2") > Cc: stable(a)vger.kernel.org > Signed-off-by: Vladimir Popov <popov.nkv(a)gmail.com> > --- > drivers/gpu/drm/vmwgfx/vmwgfx_validation.h | 13 ++++++++++--- > 1 file changed, 10 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_validation.h b/drivers/gpu/drm/vmwgfx/vmwgfx_validation.h > index 353d837907d8..fc04555ca505 100644 > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_validation.h > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_validation.h > @@ -127,16 +127,23 @@ vmw_validation_bo_reserve(struct vmw_validation_context *ctx, > * vmw_validation_bo_fence - Unreserve and fence buffer objects registered > * with a validation context > * @ctx: The validation context > + * @fence: Fence with which to fence all buffer objects taking part in the > + * command submission. > * > * This function unreserves the buffer objects previously reserved using > - * vmw_validation_bo_reserve, and fences them with a fence object. > + * vmw_validation_bo_reserve, and fences them with a fence object if the > + * given fence object is not NULL. > */ > static inline void > vmw_validation_bo_fence(struct vmw_validation_context *ctx, > struct vmw_fence_obj *fence) > { > - ttm_eu_fence_buffer_objects(&ctx->ticket, &ctx->bo_list, > - (void *) fence); > + /* fence is able to be NULL if vmw_execbuf_fence_commands() fails */ > + if (fence) > + ttm_eu_fence_buffer_objects(&ctx->ticket, &ctx->bo_list, > + (void *)fence); > + else > + ttm_eu_backoff_reservation(&ctx->ticket, &ctx->bo_list); > } > > /** > -- > 2.43.0 >

3 days, 11 hours

Eingles

by Korbinian Arendt

Ghost mystery recovery Hacker in 2026, was Verified as The Best Cryptocurrency Recovery ghost mystery recovery Hacker, established in 2026, is a trusted leader in cryptocurrency recovery. Known for its professionalism, ghost helps clients recover lost or stolen funds from scams, hacks, and unauthorized transactions. With advanced tools and a dedicated team, they offer tailored solutions for ghost recovery across blockchains. Customers value ghost for its transparency, fast response, and confidential service. Its success rate and commitment make it a top choice for crypto investors. Email address: support@ ghostmysteryrecovery. c om WhatsApp on (+44) 7480 061765 Website; ghostmysteryrecovery. c om

3 days, 13 hours

HOW TO CREATE FLASH USDT FOR TRADING, GAMING AND ONLINE PURCHASES

by romeoexpert8＠gmail.com

In the world of crypto, speed and security aren’t just conveniences—they’re essentials. That’s exactly what Flash USDT delivers. Designed for traders, businesses, and anyone who values instant and reliable transfers, Flash USDT is a powerful software tailored for peer-to-peer USDT (Tether) transactions that are fast, low-cost, and seamless. Official Website: https://globalflashhubs.com/ Whether you're managing a P2P exchange or simply need a trusted tool for transferring digital assets, Flash BTC and USDT offer the performance and security you expect, integrated smoothly into your workflow. What’s New with Flash Coin and Generator Software? Enhanced support for trading P2P across BTC and USDT TRC20 networks, catering to betting, gaming, and forex platforms. New installation guides for Windows and mobile devices, making setup easier than ever. Expanded blockch@in compatibility, allowing you to flash coins directly to Bin@nce, Trust Wallet, and more with confidence. Flash BTC and USDT TRC20 transfers last up to 90 days, ensuring flexibility Why Choose Flash Coin? It’s more than just software—it’s a commitment to trust and efficiency. With Flash Coin, you gain access to one of the most reliable services online for crypto transactions, designed to keep your exchanges swift and secure across multiple platforms. Ready to experience the difference? Shop now and see why traders and businesses worldwide rely on Flash Coin for their digital asset needs. Get Started Today Learn how to install and operate Flash Generator software with easy-to-follow instructions for your device. Whether on desktop or mobile, integrating this tool into your daily routine has never been simpler. Have questions or need support? Reach out directly through our official channels: Official Website: https://globalflashhubs.com/ WhatsApp: https://wa.link/8q02qv Telegram: https://t.me/billier5 Explore more about our products and how Flash USDT can transform your crypto experience:

4 days

Understanding Blockchain Forensics:

by joelwest689＠gmail.com

By combining cross-chain tracing, rapid response, and data-driven investigation, Cipher Rescue Chain stands as the global benchmark for crypto recovery. Every traced transaction, every reconstructed path, and every recovered asset reinforces the same conclusion: with the right forensic expertise, recovery is not only possible—it is highly achievable.

4 days, 9 hours

Re: [PATCH] dma-buf: fix order of trace and fput

by Christian König

On 4/9/26 14:38, Andi Shyti wrote: > Hi Christian, > >> @@ -845,9 +845,8 @@ void dma_buf_put(struct dma_buf *dmabuf) >> if (WARN_ON(!dmabuf || !dmabuf->file)) >> return; >> >> - fput(dmabuf->file); >> - >> DMA_BUF_TRACE(trace_dma_buf_put, dmabuf); >> + fput(dmabuf->file); > > funny, I just found out I sent the exact same patch, just few > minutes later :-) [*] I liked your patch better since it has more accurate tags. Just reviewed and pushed that one to drm-misc-fixes, should land upstream by the end of the week. Regards, Christian. > > Andi > >> } > > [*] https://lore.kernel.org/all/20260408123916.2604101-2-andi.shyti@kernel.org/

4 days, 11 hours

Re: [PATCH RFC 12/26] vfio/pci: Change the DMA-buf exporter to use mapping_type

by Jason Gunthorpe

On Mon, Apr 13, 2026 at 04:29:59PM +0800, Baolu Lu wrote: > On 2/18/26 08:11, Jason Gunthorpe wrote: > > Simple conversion to add a match_mapping() callback that offers an > > exporter SGT mapping type. Later patches will add a physical address > > exporter so go straight to adding the match_mapping() function. > > > > The check for attachment->peer2peer is replaced with setting > > exporter_requires_p2p=true. VFIO always uses MMIO memory. > > > > Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> > > --- > > drivers/vfio/pci/vfio_pci_dmabuf.c | 31 +++++++++++++++++++++++++----- > > 1 file changed, 26 insertions(+), 5 deletions(-) > > > > diff --git a/drivers/vfio/pci/vfio_pci_dmabuf.c b/drivers/vfio/pci/vfio_pci_dmabuf.c > > index d4d0f7d08c53e2..c7addef5794abf 100644 > > --- a/drivers/vfio/pci/vfio_pci_dmabuf.c > > +++ b/drivers/vfio/pci/vfio_pci_dmabuf.c > > @@ -25,9 +25,6 @@ static int vfio_pci_dma_buf_attach(struct dma_buf *dmabuf, > > { > > struct vfio_pci_dma_buf *priv = dmabuf->priv; > > - if (!attachment->peer2peer) > > - return -EOPNOTSUPP; > > - > > if (priv->revoked) > > return -ENODEV; > > @@ -75,11 +72,35 @@ static void vfio_pci_dma_buf_release(struct dma_buf *dmabuf) > > kfree(priv); > > } > > -static const struct dma_buf_ops vfio_pci_dmabuf_ops = { > > - .attach = vfio_pci_dma_buf_attach, > > +static const struct dma_buf_mapping_sgt_exp_ops vfio_pci_dma_buf_sgt_ops = { > > .map_dma_buf = vfio_pci_dma_buf_map, > > .unmap_dma_buf = vfio_pci_dma_buf_unmap, > > +}; > > + > > +static int vfio_pci_dma_buf_match_mapping(struct dma_buf_match_args *args) > > +{ > > + struct vfio_pci_dma_buf *priv = args->dmabuf->priv; > > + struct dma_buf_mapping_match sgt_match[1]; > > + > > + dma_resv_assert_held(priv->dmabuf->resv); > > My understanding of this lock assertion is that priv and the underlying > priv->vdev are accessed within this function. Therefore, the lock is > necessary to protect them. Do I understand it right? It is because we NULL priv->vdev on the cleanup path I'm not sure why my test kernel didn't hit lockdep failures but yes this looks incorrect. > However, callers - for example, dma_buf_mapping_attach() - do not > acquire dma_resv_lock() before calling this function. So kernel traces > will always be triggered. I think this is the fix: diff --git a/drivers/vfio/pci/vfio_pci_dmabuf.c b/drivers/vfio/pci/vfio_pci_dmabuf.c index 9e7e8e7719d1bd..3e31ffb03ddd9a 100644 --- a/drivers/vfio/pci/vfio_pci_dmabuf.c +++ b/drivers/vfio/pci/vfio_pci_dmabuf.c @@ -12,6 +12,7 @@ MODULE_IMPORT_NS("DMA_BUF"); struct vfio_pci_dma_buf { struct dma_buf *dmabuf; struct vfio_pci_core_device *vdev; + struct pci_dev *pdev; struct list_head dmabufs_elm; size_t size; struct phys_vec *phys_vec; @@ -92,6 +93,7 @@ static void vfio_pci_dma_buf_release(struct dma_buf *dmabuf) up_write(&priv->vdev->memory_lock); vfio_device_put_registration(&priv->vdev->vdev); } + pci_dev_put(priv->pdev); kfree(priv->phys_vec); kfree(priv); } @@ -143,18 +145,9 @@ static int vfio_pci_dma_buf_match_mapping(struct dma_buf_match_args *args) struct vfio_pci_dma_buf *priv = args->dmabuf->priv; struct dma_buf_mapping_match sgt_match[2]; - dma_resv_assert_held(priv->dmabuf->resv); - - /* - * Once we pass vfio_pci_dma_buf_cleanup() the dmabuf will never be - * usable again. - */ - if (!priv->vdev) - return -ENODEV; - sgt_match[0] = DMA_BUF_EMAPPING_PAL(&vfio_pci_dma_buf_pal_ops); sgt_match[1] = DMA_BUF_EMAPPING_SGT_P2P(&vfio_pci_dma_buf_sgt_ops, - priv->vdev->pdev); + priv->pdev); return dma_buf_match_mapping(args, sgt_match, ARRAY_SIZE(sgt_match)); } @@ -323,6 +316,7 @@ int vfio_pci_core_feature_dma_buf(struct vfio_pci_core_device *vdev, u32 flags, goto err_dev_put; } + priv->pdev = pci_dev_get(vdev->pdev); kref_init(&priv->kref); init_completion(&priv->comp);

4 days, 12 hours

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Linaro-mm-sig